TA0008: TA0008
Essential information
- MITRE technique ID: TA0008
- Confidence: 100/100
- Revoked: No
- Published: 20/12/2025 22:39
- Modified: 29/05/2026 12:20
- Author / Source: AlienVault
Description
No description.
Marking (TLP)
TLP:CLEAR
External references
Related entities
Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.
Intrusion sets (APT) (6)
- Lazarus · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 21:17 · Modified 29/05/2026 12:20
- interlock · uses · Ransomware.Live · Confidence 100
  No description available
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 08:54 · Modified 13/03/2026 10:45
- UTA0178 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 03:13 · Modified 21/12/2025 03:13
- gunra · uses · AlienVault · Confidence 100
  No description available
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 15:08 · Modified 29/12/2025 11:12
- DPRK · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 23:19 · Modified 20/12/2025 23:19
- The MITRE Corporation · Confidence 100
  [APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, …
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 16/12/2025 19:39 · Modified 27/03/2026 01:14
Malware (29)
- SharpHound · uses · Family · Published 16/01/2026 13:31 · Modified 16/01/2026 13:31
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
- DoNoT Loader · uses · Family · Published 24/09/2025 10:28 · Modified 24/09/2025 10:28
- mimikatz · uses · Family · Published 11/05/2026 16:15 · Modified 11/05/2026 16:15
- SafetyKatz · uses · Family · Published 02/11/2024 01:03 · Modified 02/11/2024 01:03
- Gunra Ransomware · uses · Family · Published 24/09/2025 10:28 · Modified 24/09/2025 10:28
- Roaming Mantis
- H0lyGh0st
- Maui
- Erbium
- Lumma Stealer · uses · Family · Published 08/06/2026 19:36 · Modified 08/06/2026 19:36
- GLASSTOKEN
- Operation DreamJob
- CHAINLINE
- DeathNote
- Interlock · uses · Family · Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
- Rclone · uses · Family · Published 11/05/2026 16:15 · Modified 11/05/2026 16:15
- Gopuram
- Cl0p · uses · Family · Published 12/02/2025 16:15 · Modified 12/02/2025 16:15
- DPRK
- WIREFIRE
- BLINDINGCAN
- Petya
- LIGHTWIRE
- Rubeus · uses · Family · Published 30/04/2026 10:11 · Modified 30/04/2026 10:11
- BUSHWALK
- COPPERHEDGE · uses · Family · Published 24/04/2025 08:13 · Modified 24/04/2025 08:13
- NukeSped · uses · Family · Published 10/04/2025 18:50 · Modified 10/04/2025 18:50
- Ryuk
Reports (5)
- Threat landscape — Belgium · related · Confidence 100 · 18 CVEs · 200 MITREs · 200 Malwares · 20 APTs · 26 Tools · Published 29/05/2026 11:51 · threat-report
- 22 MITREs · 3 Malwares · 1 APT · Published 24/09/2025 10:28 · Modified 24/09/2025 12:33
- 1 MITRE · 200 Observables · Published 15/05/2025 13:26 · Modified 21/05/2025 20:18
- 5 MITREs · 1 Malware · 1 APT · Published 28/01/2025 18:12 · Modified 29/01/2025 17:02
- 8 MITREs · 6 Malwares · Published 02/11/2024 01:03 · Modified 04/11/2024 11:31
Vulnerabilities (CVE) (8)
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user …
- Attack vector: NETWORK
- Published: 31/01/2024
- Modified: 21/12/2025
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) …
- Attack vector: Network
- Published: 13/02/2024
- Modified: 27/05/2026
SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
- Published: 28/01/2022
- Modified: 20/12/2025
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …
- Attack vector: Network
- Published: 31/01/2024
- Modified: 27/05/2026
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector: Network
- Published: 10/12/2021
- Modified: 27/05/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …
- Attack vector: Network
- Published: 10/01/2024
- Modified: 27/05/2026
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …
- Attack vector: Network
- Published: 10/01/2024
- Modified: 27/05/2026
TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.
- Attack vector: Network
- Published: 10/02/2023
- Modified: 20/12/2025